CVE-2014-2382

Name of the Vulnerable Software and Affected Versions Faronics Deep Freeze Standard and Enterprise versions 8.10 and earlier

Description The issue allows local administrators to cause a denial of service and execute arbitrary code via a crafted IOCTL request. This is related to the IofCallDriver function, which can write to arbitrary memory locations.

Recommendations For versions 8.10 and earlier, consider restricting access to the DfDiskLo.sys driver to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.